Method for operating a service system

ABSTRACT

A method for operating one or more service systems performed in a memory of an analyzing entity (AE) includes a) receiving, by an input interface of the AE, one or more control requests for controlling one or more resources of at least one of the one or more service systems; b) assessing, by the AE, an impact on the one or more service systems of the one or more control requests by checking an effect on already performed control requests for resources of the one or more service systems when the one or more control requests would be performed on one or more of the resources of the at least one of one or more service systems; and c) checking, by the AE, if the assessed impact violates one or more adverse situation rules (ASR).

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a U.S. National Stage Application under 35 U.S.C. §371 of International Application No. PCT/EP2016/055997 filed on Mar. 18,2016. The International Application was published in English on Sep. 21,2017 as WO 2017/157465 A1 under PCT Article 21(2).

FIELD

The present invention relates to a method for operating a servicesystem. The present invention further relates to a computing entity.Even further the present invention relates to a non-transitory computerreadable medium storing a program, causing a computer to execute amethod for operating a service system.

BACKGROUND

Conventional building management systems (BMS), also referred to asbuilding control or building automation systems (these terms areinterchangeably used in this application) are modeled in a three layerarchitecture comprising a management layer as to which monitoring andcontrol systems are associated an automation layer to which controllers,gateways or the like are associated and a field layer to which sensors,actuators or the like are associated.

The management layer enables human interaction and configuration indaily operation. This top layer communicates with automation levelgateway devices e.g. via ModBus, M-Bus, EEB, BACnet/IP or OPC protocolsto access information from sensing and actuation devices. Typicallyconventional management level systems are referred to as SCADA.SCADA-like systems are applicable to controlling various kinds ofservice provisioning systems. Such systems provide specific services torequestors, e.g. heating, ventilation, cooling, water, etc. and aredenoted “service systems” in the following. Service systems may shareresources, e.g. a gas boiler may provide thermal energy supply toheating systems and hot water systems inside a single building. Thusservice systems may be inter-dependent. Service systems may also beinter-dependent due to other reasons, e.g. the physical layout of thebuilding: a room cooled by air conditioning may share a wall with a roombeing heated. Service systems' behaviors are controlled by the BMSautomation and field layers under guidance of the management layer.

BMS have usually a large amount of different sensors, actuators andcontrollers. Operators of a BMS try to enhance the efficiency of theservice systems to save costs, etc.

The specific optimization of a single service system (e.g. a heating,ventilation and air-conditioning system HVAC) or e.g. a single area(e.g. floor or single office area) with respect to one or more definedkey performance indicators KPI lacks the consideration of side effectson other systems or areas of the entire building and can have adverseimpacts on total energy consumption or other applications' KPIs. In theEU FP-7 research projects CAMPUS21 and BaaS, the developed supervisorysingle system heating control optimizations are examples of specializedconventional applications using a networked BMS via a standardizedrequest interface.

In a conventional SCADA setting, human staff's changes to theoperational parameters of a single system, e.g. the HVAC supplytemperatures, can have effects on other areas. The effects of changesare hard to predict even for expert users. For example a change to asystem operation schedule or an adaptation of a supply temperatureset-point curve can have significant effects on other systems byunforeseen interdependencies.

In conventional building management settings, SCADA systems haveconfigured with permissible ranges of allowed control parameters and usecredentials to protect against changes of configuration or controlpattern. However these ranges are set statically and do not dependent onthe operational context. Due to this conventional systems areover-dimensioned subject to a so-called coincidence factor describingthe probability of coinciding requests/demands. If operational realitydeviates from this, resource shortages occur. The dimensioning ofservice systems due to coincidence factor is a trade-off: conservativeestimates ensure operations but come at the cost of over dimensionedsystems while optimistic estimates run the risk of frequent shortagesand conflicts.

For instance an installed boiler capacity of a building is dimensionedby a peak load of different heat consuming systems (HVAC, space heating,hot water, potentially special systems like grass heating) expected tocoinciding at most. As system configurations change, usage patterns andweather change, as well as refurbishment measures, e.g. replacement ofboilers or heat exchangers over the lifetime of a building, situationscan arise where the expected coincidence does not match reality anymore.Two negative scenarios can be conceived:

-   -   1.) In case the heat supply capacity is insufficient, adverse        effects or conflicts on all or only a subset of the systems are        expected. Typically, these systems will react with increases in        demand (e.g. by indicating increased system supply temperatures        resulting in increased heat exchanger valve openings on the        overall supply circuit) worsening the overall heating situation        further.    -   2.) In situations where the installed heat supply peak capacity        is just sufficient, the boiler may run outside of maximum        efficiency operation ranges.

In particular thermal systems such as space heating, hot water andcooling typically have much flexibility: e.g. indoor temperaturecontrols usually aim at staying within a target temperature band (e.g.20° C.±1° C.). Further by varying supply temperature set points theyhave flexibility in energy consumption and duration of operation.

In WO2013/171234 conflicts are detected and resolved by distributedorchestration engines hosted in e.g. PLC components. They detect thatmultiple conflicting requests have been received. The detected conflictsare communicated on a so-called service bus and are resolved by SCADA orManufacturing Execution Systems (MES).

In U.S. Pat. No. 8,615,312 an orchestration engine is defined based onHigh Level Petri Nets (HLPN) defining the orchestration engine behaviorto orchestrate service oriented service systems. No conflicts areresolved.

In US20110035229 also covers orchestration of services offered byservice-oriented automation components of a manufacturing facility fromone manufacturing level to a higher level such as the corporate,business and/or production level. No conflict resolution is described.

In US20130232267 resource requests in a communication network areresolved by applying policies to network flows based on the aggregatedresource availability, e.g. using priorities and admitting or rejectingflows completely.

Further in U.S. Pat. No. 7,031,793 a method for conflict resolution isdescribed among a plurality of controllers. By adapting the controlinstructions, e.g. based on mathematical models in a multi-tieredarchitecture conflicts are detected and resolved.

Even further in the non-patent literature of Ruta, M.; Scioscia, F.;Loseto, G.; Di Sciascio, E., “Semantic-Based Resource Discovery andOrchestration in Home and Building Automation: A Multi-Agent Approach,”in Industrial Informatics, IEEE Transactions on, vol. 10, no. 1, pp.730-741, February 2014 doi: 10.1109/TII.2013.2273433 a multi agent basedconflict mediation and resource orchestration on the agent level forbuilding domotics is described between a home agent and a device agent.Conflicts for newly received requests are negotiated on the agent leveland based on utility expressions defined upon service preferences, i.e.if one agent's requests directly interfere with another agent'spreferences.

SUMMARY

In an embodiment, the present invention provides a method for operatingone or more service systems, the method being performed in a memory ofan analyzing entity (AE). The method includes a) receiving, by an inputinterface of the AE, one or more control requests for controlling one ormore resources of at least one of the one or more service systems; b)assessing, by the AE, an impact on the one or more service systems ofthe one or more control requests by checking an effect on alreadyperformed control requests for resources of the one or more servicesystems when the one or more control requests would be performed on oneor more of the resources of the at least one of one or more servicesystems; c) checking, by the AE, if the assessed impact violates one ormore adverse situation rules (ASR), wherein an ASR violation representsa situation of the service system in which at least partly contradictingeffects on one or more resources of the one or more service systemswould occur due to a performance of the one or more control requests; d)upon violation of one or more ASR, computing, by the AE to reduceviolation of the one or more ASR, one or more adapted control requestsfor one or more of the control requests and/or one or more of thealready performed control requests; e) negotiating, by the AE, withrequestors of the one or more of the control requests and/or the one ormore of the already performed control requests, the computed adaptedcontrol requests until acceptance is achieved, wherein the negotiatingincludes one or more recomputed adapted control requests; and f) uponacceptance, transmitting, by the AE, the accepted control requests viaan output interface to recipients of the control requests.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be described in even greater detail belowbased on the exemplary figures. The invention is not limited to theexemplary embodiments. All features described and/or illustrated hereincan be used alone or combined in different combinations in embodimentsof the invention. The features and advantages of various embodiments ofthe present invention will become apparent by reading the followingdetailed description with reference to the attached drawings whichillustrate the following:

FIG. 1 shows steps of a method according to an embodiment of the presentinvention;

FIG. 2 shows steps of a method according to a further embodiment of thepresent invention;

FIG. 3 shows a system according to an embodiment of the presentinvention;

FIG. 4 shows a system according to a further embodiment of the presentinvention; and

FIG. 5 shows steps of a method according to a further embodiment of thepresent invention.

DETAILED DESCRIPTION

Embodiments of the present invention provide systems and methods thatcan increase efficiency of service systems. Embodiments of the presentinvention further provide systems and methods that avoid or at leastreduce effects of colliding requests on system resources of a servicesystem as well as interdependent service systems, if present.Furthermore, embodiments of the present invention provide systems andmethods that avoid misconfigurations caused, for example, by humanconfiguration errors of the service system.

Although applicable to any kind of management system, embodiments of thepresent invention will be described with regard to managing resources ofbuilding service systems controlled by building management systems(BMS).

In an embodiment the present invention provides a method for operatingone or more service systems, said method performed in a memory of ananalyzing entity, ‘AE’, comprising the steps of:

-   -   a) receiving, by an input interface of said AE, one or more        control requests for controlling one or more resources of at        least one of the said one or more service systems,    -   b) assessing, by said AE, the impact on said one or more service        systems of said one or more control requests by checking the        effect on already performed control requests for resources of        said one or more service systems when said one or more control        requests would be performed on one or more of the resources of        said at least one of the said one or more service systems,    -   c) checking, by said AE, if said assessed impact violates one or        more adverse situation rules, ‘ASR’, an ASR violation        representing a situation of the one or more service systems in        which at least partly contradicting effects on one or more        resources of said one or more service systems would occur due to        a performance of said one or more control requests,    -   d) upon violation of one or more ASR, computing, by said AE, one        or more adapted control requests for one or more of said control        requests and/or one or more of said already performed control        requests, said computing being directed to reduce violation of        said ASR,    -   e) negotiating, by said AE, with requestors of said one or more        of said control requests and/or said one or more of said already        performed control requests, said computed adapted control        requests, said negotiating can include one or more recomputed        adapted control requests, until acceptance is achieved,    -   f) upon acceptance, transmitting, by said AE, the accepted        control requests via an output interface to recipients of said        control requests.

In a further embodiment, the present invention provides a computingentity, comprising an input interface for receiving one or more controlrequests for controlling one or more resources of at least one of one ormore service systems, an output interface for transmitting acceptedcontrol requests to recipients of said control requests, computationmeans comprising a processor and a memory, being adapted to receive fromsaid input interface one or more control requests for controlling one ormore resources of said at least one of one or more service systems, toassess the impact on said one or more service systems of said one ormore control requests by checking the effect on already performedcontrol requests for resources of said one or more service systems, whensaid one or more control requests would be performed on one or more ofthe resources of said at least one of one or more service systems, tocheck if said assessed impact violates one or more adverse situationrules, ‘ASR’, an ASR violation representing a situation of the one ormore service systems in which at least partly contradicting effects onone or more resources of said one or more service systems would occurdue to a performance of said one or more control requests, uponviolation of one or more ASR to compute one or more adapted controlrequests for one or more of said control requests and/or one or more ofsaid already performed control requests, said computing being directedto reduce violation of said ASR, to negotiate with requestors of saidone or more of said control requests and/or said one or more of saidalready performed control requests, said computed adapted controlrequests, said negotiating can include one or more recomputed adaptedcontrol requests, until acceptance is achieved, and upon acceptance, totransmit the accepted control requests via said output interface torecipients of said control requests.

In an even further embodiment, the present invention provides anon-transitory computer readable medium storing a program causing acomputer to execute a method for operating one or more service systems,the method comprising the steps of:

-   -   a) Receiving one or more control requests for controlling one or        more resources of at least one of the said one or more service        systems    -   b) Assessing the impact on said one or more service systems of        said one or more control requests by checking the effect on        already performed control requests for resources of said one or        more service systems, when said one or more control requests        would be performed on one or more of the resources of said at        least one of the one or more service systems,    -   c) Checking if said assessed impact violates one or more adverse        situation rules, ‘ASR’, an ASR violation representing a        situation of the one or more service systems in which at least        partly contradicting effects on one or more resources of said        one or more service systems would occur due to a performance of        said one or more control requests,    -   d) Upon violation of one or more ASR, computing one or more        adapted control requests for one or more of said control        requests and/or one or more of said already performed control        requests, said computing being directed to reduce violation of        said ASR,    -   e) Negotiating with requestors of said one or more of said        control requests and/or said one or more of said already        performed control requests, said computed adapted control        requests, said negotiating can include one or more recomputed        adapted control requests, until acceptance is achieved,    -   f) Upon acceptance, transmitting the accepted control requests        via an output interface to recipients of said control requests.

The term “control request” can be used to refer to data or informationin the form of packets, messages, etc. indicating a request forchanging, applying, operating, etc. changes on operating or performingresources.

The term “negotiating” refers in particular in the claims, preferably inthe specification for example to at least one “round” of steps:proposing an amendment of a control request, evaluating the proposedamended control request, feedback of the evaluated control request, andproposing a further amendment of the amended control request ifapplicable or accept the proposed amended control request.

Then, e.g. re-amending the amended control request or accepting theproposed amended request, etc. can be performed. Further, the term“negotiating” can be used to refer to collaboratively agreeing on acontrol request or an amended control request.

The term “contextual information” can refer to information which may berelevant and/or may be have an impact and/or may be helpful, etc. foroperating said service system. Contextual information can be for exampleday of the week, weather parameters or information queried from servicesystems, sensors, actuators, etc.

The term “behavior” in connection with “service system” can be used torefer to changes, amendments, deviations or the like in the operationalperformance of the automation system or service system, for example achange in technical operational parameters like temperature, powerconsumption, or the like or non-technical operational parameters likecosts for energy supply, water supply, quality of experience for usersof the service system, etc.

For assessing the impact on said service system, operational parametersrepresenting behavior of said automation system and/or contextualinformation can be evaluated. This enables a high precision whenassessing the impact of control requests on a service system.

Said operational parameters and/or said contextual information can beprovided by a neural network and/or a database. This allows e.g. in caseof a database to provide said contextual information in a fast andreliable way.

For determining said ASR violation energy consumption constraints likepeak load thresholds or the like can be evaluated. This enables one ofthe important characteristics of service systems to be considered, notonly having an impact on the physical behavior of the services but alsoon the non-physical behavior regarding the costs of energy consumptionand thus avoiding a waste of energy.

An ASR can be provided in form of a logical expression of one or moreconditions of said one or more service systems which are notpermissible. This provides an easy and user-friendly way to provideASRs. For example an explicit logical expression of a condition that isnot permissible in combination can be for example space heatingsupply >50° C. and hot water >70° C.

For at least step b) and/or step d) described above, sensor informationof sensors and actuator information of actuators of resources of saidone or more service systems can be provided. This allows an even moreprecise assessment of the impact of different control requests on theresources of the said one or more service systems.

Said sensor information and said actuator information can include energyconsumption information of said resources. This allows in an easy andreliable way to assess the impact of control requests concerning theenergy behavior of the service system.

Steps c)-f) described above can be performed for an already admittedcontrol request in predefined time intervals and/or periodically. Thisallows to examine the admitted one or more control requests repeatedlyagainst the ASRs and to adapt the operation, for example in case ofweather changes or the like.

Said operation parameters can be evaluated dynamically. Operationalparameters like peak capacity can then be derived dynamically, forexample as function of service system sensor information and/or actuatorinformation, external information services or special services. Thisenables for example to track degradations in the efficiency of certainresources to restrain the demand to stay within an optimal predefinedefficiency operation band of the service system.

For determining a violation of one or more ASR, effects of differentcontrol requests can be weighted against each other. This allows in avery flexible way to determine a violation.

Said weights can be dependent on the time a request is already admittedor on a value of an operational parameter on which said request has animpact or weights are determined based on external information. Forexample when said weights are dependent on the time a request is alreadyadmitted, this enables to “penalize” long standing requests so that theyare more likely to be candidates for modification. If the weights arechanged for example anti-proportional to the period of time a controlrequest is being served, newer control requests will become modifiedstronger than already served requests.

An algebra can be computed to identify possible valid adaptations tocontrol requests. This allows in an easy and reliable way to use onlylogic service system conditions being expressed in said algebra whichenable to identify possible modifications to all control requests sothat no ASR is violated.

Relative importance rankings can be determined and used during and forsaid negotiation. This enables to enhance flexibility since amendmentsto control requests or the control requests as a whole can be assignedto priority values so that corresponding amendments to the controlrequest are performed according to the priorities.

FIG. 1 shows steps of a method according to an embodiment of the presentinvention. In FIG. 1 a method for operating one or more service systemsis shown. Said method performed in a memory of an analyzing entity,‘AE’, comprising the steps of:

-   a) receiving, by an input interface of said AE, one or more control    requests for controlling one or more resources of at least one of    said one or more service systems,-   b) assessing, by said AE, the impact on said one or more service    systems of said one or more control requests by checking the effect    on already performed control requests for resources of said one or    more service systems when said one or more control requests would be    performed on one or more of the resources of said at least one of    one or more service systems,-   c) checking, by said AE, if said assessed impact violates one or    more adverse situation rules, ‘ASR’, an ASR defining a situation of    the said one or more service systems in which at least partly    contradicting effects on one or more resources of said one or more    service systems would occur due to a performance of said one or more    control requests,-   d) upon violation of one or more ASR, computing, by said AE, one or    more adapted control requests for one or more of said control    requests and/or one or more of said already performed control    requests, said computing being directed to reduce violation of said    ASR,-   e) negotiating, by said AE, with requestors of said one or more of    said control requests and/or said one or more of said already    performed control requests, said computed adapted control requests,    said negotiating can include one or more recomputed adapted control    requests, until acceptance is achieved,-   f) upon acceptance, transmitting, by said AE, the accepted control    requests via an output interface to recipients of said control    requests.

FIG. 2 shows steps of a method according to a further embodiment of thepresent invention. In FIG. 2 a flow chart of a so-called context awareresource mediation and negotiation for automation systems, ‘CARMENAS’,is shown. According to an embodiment the so-called CARMENASinterchangeably used for a system and a method—means here Context AwareResource Mediation and Negotiation for automation systems—monitorscontrol requests from so-called requestors towards the automationinfrastructure and compares the already served requests in combinationwith a newly received request against rules defining adverse situations.In case one or more of the adverse situation rules, ‘ASR’, are violated,it will be checked if a reduction of one or more of the requests beingalready served and the newly received could prevent ASR violation. If atleast one combination of reductions can be constructed/computed, thesewill be communicated for approval to the respective requestors. Ifagreed by the requestors, the modified requests are enacted.

Since applications have various ways of meeting their KPIs—e.g. aheating system can heat longer at lower temperatures or heat in burstwith higher temperature to maintain target indoor temperatures, thenegotiation makes it possible for the applications to adapt theirdecisions.

To perform this concept, CARMENAS is configured with systemcharacteristics for service (e.g. Heating) and shared resource systems(e.g. boiler) systems and with rules indicating adverse situations.

In the following an example for building systems characteristics isgiven: a space heating system may consume 20 kW if run at 50° C. supplytemperature and 30 kW if run at 55° C. The representation of thesecharacteristics can be e.g. in the form of a table for all discretevalues of operational parameters, or can be in the form of a functionbased on an analytical or regression model. Resources of said system canbe identified by one or more set points identifiers controlling them.

In a further embodiment the system characteristics may depend oncontextual information, e.g. day of week, weather parameters or frominformation CARMENAS queries or receives from the service systems, e.g.via the BMS or SCADA systems. In general, the system characteristics canbe provided or obtained by learning approaches, system databases,configuration by human staff and/or be derived from building and systemschematics.

The ASR can be formulated in the form of constraints, e.g. energeticconstraints evaluated based on system characteristics and permissiblepeak load, e.g. sum of system demands derived from requests is greaterthan defined peak capacity and/or as explicit logical expressions ofconditions that are not permissible in combination, e.g. space heatingsupply >50° C. and hot water >70° C.

CARMENAS's adverse situation rules ASR can be used to accommodate:

-   -   Detection of demand exceeding maximum supply    -   Detection of demand exceeding desired load, e.g. to stay within        maximum efficiency bands of boilers (i.e. sum of system demands        derived from requests is smaller than defined desirable minimum        load)    -   Detection of demand undercutting desired minimum load, e.g. to        stay within maximum efficiency bands of boilers    -   Detection of counteracting effects, e.g. Cooling and Heating        systems affecting the same building space.

The CARMENAS method and system can use or be provided with sensor andactuator information for the different service systems consuming energy,e.g. space heating, hot water, HVAC, and the energy generation systems,e.g. the boiler and distribution systems, e.g. the main heating branchto be able to track and adapt to the real building situation. Furtherthe CARMENAS method and system can also access external information suchas weather data, weather forecast data, calendar and schedulinginformation.

CARMENAS can act in pre-defined time intervals without a trigger of anexternal request. This allows to examine the admitted requestsrepeatedly against the ASRs and adapt operation e.g. in the case ofweather changes and can be useful when context specific systemcharacteristics are used.

In a further embodiment ASR conditions such as the peak capacity canalso be derived dynamically, e.g. as functions of service system sensorand actuator information, external information sources and/or specialservices. This way, e.g. degradations of boiler efficiency can betracked to restrain the demand to stay within the optimal efficiencyoperation band of the building energy supply system.

ASRs can also be given a relative importance rating to distinguishbetween rules expressing preferred situations from rules capturingcritical conditions.

In all cases of ASR violation CARMENAS can report the detection of anadverse situation, its internal state of running systems and/or admittedrequestors for diagnostic purposes.

To provide adapted requests a determination logic can be used, e.g.performed on a computing device. Said determination logic to adaptrequests upon ASR violation may be as follows: It is assumed here thatat the time of receiving request R_(i) from requestor A, other requestsR_(1 . . . i-1) are already being served. If admitting R_(i) will resultin violating one or more ASRs:

min (∑w_(i) * Δ R_(i))∀i subject  to ASR_check(  ) =  = FALSEΔ Ri + mod(R_(i)) = R_(i)∀i

where ΔRi describes the change to request R_(i), mod(R_(i)) describesR_(i) after this change. f(mod(R_(i))) describes the system energyconsumption if the modified Ri is being employed and w_(i) is aconfigurable weighting factor that can be set in relation to thebuilding system pertaining to the R_(i).

In a further embodiment the configured weights are rescaled based on therelative system priorities so that Σw_(i)=1 and ASR_check is a logical(boolean) to check all modified R_(i) against all configured ASRs.

If weights are set equally, this tries to minimize requests' set pointchanges and will penalize larger consumers. By changing the weightsw_(i), priorities of systems can be encoded according to the systems'importance in the overall operation.

In another embodiment the w_(i) are increased with the time R_(i) beingalready active or by associated system's total energy consumption due toR_(i) so that requests that long standing requests are more likely to becandidates to modification. By changing w_(i) anti-proportional to theperiod of time R_(i) is being served, newer requests can become modifiedstronger than already served requests.

In another embodiment the determination of weights w_(i) can depend onadditional information received from external information sources (e.g.weather services) or service system information received from relevantsensors or actuators CARMENAS queries via the SCADA/BMS system. Thisadaptation of w_(i) might be a system characteristic function encodinge.g. increasing the system's w_(i) the further the system is away fromits control target. This way, systems presently close to their controltarget are more prone to request modifications.

For example, for the peak capacity constraint, a corresponding ASR isviolated if Σf(mod(R_(i))) greater than defined peak capacity, wheref(mod(R_(i))) denotes the energy consumption of the system affected bymodified R_(i)—which can be derived from the configured systemcharacteristics.

In a further embodiment, if no energetic constraint ASR is specifiedand/or additionally or alternatively logical system conditions can beexpressed in an algebra which be used to identify the possibly viablemodifications to all R_(i) so that no ASR is violated. For this thefollowing logic can identify possible modifications to some of the R₁ .. . R_(i):

-   -   1. Extract for each violated logical ASR the logical components        evaluating to TRUE for the different i.e. indicating a violation        of the ASR component. Aggregate the R_(i) causing the ASR        violations into a candidate set C along with the related ASR        components.    -   2. Calculate the required minimum modification of the requests        in the set C to change the evaluation of the associated        components to FALSE. Store these candidate modifications for the        negotiation phase.

Once one or more viable modifications are determined by the CARMENASsystem the requestors affected by the modifications are contacted withproposed modifications. If all affected requestors agree, the modifiedrequests are communicated to the service systems. The CARMENAS systemstores information on the modified R_(i) (and the requestors).

If one or more requestors object the modification, the CARMENAS systemcan be configured with the following one or more procedures, which canbe combined:

-   -   a) If multiple candidate modifications for the same requestor        have been conceived, contact the requestor with another        candidate modification    -   b) re-run the modification logic assuming the confirmed request        modifications (which potentially will be further modified) in        addition to the requests for which the corresponding requestors        denied the suggested modifications. Then the CARMENAS system        will again contact the requestors for the respective newly        derived request modifications for their acceptance.    -   c) re-run the modification logic assuming the confirmed request        modifications (which potentially will be further modified) and        remove the requests for which the corresponding requestors        denied the suggested modifications from the modification logic        evaluation. Then the CARMENAS system will again contact the        requestors for the respective newly derived request        modifications for their acceptance.    -   d) enforce the proposed modifications despite the objection,        e.g. for lower priority service systems. This requires a        configuration of the CARMENAS system with system priorities.    -   e) deny the new request R_(i)

Option a) can be repeated multiple times until all requestors accept theproposed modifications. To prevent endless loops of objections, theCARMENAS system can execute options b) or c) after a) configured numberof iterations.

In another embodiment a request modification similar in nature tochoosing w_(i) depending on the R_(i) are already being served first thenewest incoming request R_(i) is considered to be modified in case ofASR violation. If this is not acceptable to the requestor, only then thestandard logic to modify requests is executed. This way, requests servedfor long time are less likely to be modified.

In another embodiment ASRs are given relative importance ratings asindicated above, and these ratings are used in the negotiation rounds inrelation to step a) above:

-   -   In the first determination of request modification, all        preferred and critical ASRs are considered in ASR_check to        determine the proposed modifications    -   After receiving less than a minimum required acceptance rate by        the requestors to proposed modifications of their respective        requests, ASR_check is modified in its behavior to consider only        critical ASRs, ignoring preferred ASRs in determining the        modification proposals.

In FIG. 2 a possible flow chart of multiple negotiation rounds withrejected modifications is shown. Variations such as priorities of ASR,priority of systems, enforcement are not shown. Also not shown isinterval based invocation and context awareness.

In FIG. 2 when a new request R is received the set of currently servedrequests if fetched from a state database SDB. The new request R isincluded into the fetched set S in a first step S1. In a second step S2said set S is checked against logical adverse situation rules. In afurther step S3 after step S1 associated system characteristics for eachentry in the set S are fetched and in a fourth step S4 resource demandis derived from the set S and the associated system characteristics. Ina fifth step S5 it is checked whether one or more other adversesituation rules are violated and if not in a six step S6 the request Ris enacted and the request R is added to the set S stored in the statedatabase SDB.

If one or more ASRs are violated then in a seventh step S7 possiblemodifications to the requests in the set S are calculated/computed andthe modifications/modified requests included into a set C are proposedto the requestors.

In an eighth step S8 it is checked whether there are rejections or not.If there are no rejections then in an ninth step S9 the modifiedrequests from the set C are enacted and the database SDB is updated withsaid set C.

If there are rejections then in a tenth step S10 possible modificationsto the request in the set S are calculated/computed assuming acceptedmodifications resulting in a set C*. This set C* is proposed to therequestors. Then in an eleventh step S11 it is checked whether there arestill rejections for this amended set C*or not. If there are norejections then in a twelfth step S12 a modified request from said setC* are enacted and the database SDB is updated with said set C*. Ifthere are rejections then step S10 is performed again and further step11 etc.

FIG. 3 shows a system according to an embodiment of the presentinvention and FIG. 4 shows a system according to a further embodiment ofthe present invention. In FIGS. 3 and 4 an example for BMS situations,e.g. to account for sub-optimal human configuration changes, is shown,the CARMENAS system being installed between a management level and anautomation level. In case expert applications are deployed on top of themanagement layer, either remotely via a wide area communication networkor within the building, the CARMENAS system can alternatively beinstalled on the interface between the management layer and theapplication(s) to prevent inappropriate requests even reaching the BMSat all. Both deployments/embodiments also apply to requests initiated byhuman staff, e.g. changing set points or schedules of heating systems.

If installed on top of management layer, the CARMENAS system willreceive control or actuation requests from requestors (specializedbuilding applications deployed inside the building or outside in a cloudsetting), e.g. switching the space heating ON with a supply temperatureof 70° C.

The following situations can happen if this request was to be acceptedbased on the active system requests already accommodated and theassociated building system characteristics:

-   -   1.) No adverse situation rule ASR is violated: the request is        accepted and passed on to the lower layers in the architecture        as usual. The CARMENAS system updates its internal state to        reflect the consumption just admitted and confirms the request        to the requestor. It remembers the requestor.    -   2.) One or more adverse situation rules ASR are violated, e.g.        because other systems are already using enough energy so that        accepting the request would result in an adverse situation: The        CARMENAS system will, based on the system consumption        characteristics of the currently consuming systems and the        requesting system try to modify the request to not violate the        adverse situation rules as specified above.

FIG. 3 depicts CARMENAS's deployment in the specialized buildingapplication setting using a networked deployment. Here the applicationsare shown Application's Requests and CARMENAS modifications areexchanged via the Request Interface (RI*) transmitted over aCommunication Network, e.g. the Internet. CARMENAS instructs admitted ormodified requests to the BMS via the request interface (RI). Generally,RI* and RI can use different protocols. Without loss of generality,these specialized applications might also be deployed within thebuilding premises.

In FIG. 4 it is shown how the CARMENAS system or entity can be deployedwithin building deployments. The CARMENAS system is placed here on theinterface between management layer and automation layer and monitors thecontrol requests issued by the management layer. These requests might betriggered by instructions received from specialized applications on topof the management layer. If a legacy protocol on RI does not supportnegotiation of requests. Then the CARMENAS system does not requiremanagement layer consent to modify requests received on RI or to modifyexisting requests in the database SDB to accommodate a new request R.Modified and unmodified requests are passed on via the RI interface tothe automation layer. If the RI interface protocol supports messagestowards the management layer, the CARMENAS system rejects the actuationrequest with an appropriate error code. Subsequent data queries of theManagement Layer to the Automation Layer will detect the modified,enforced actuation value. The CARMENAS system can also reject requestsreceived on RI completely.

FIG. 5 shows steps of a method according to a further embodiment of thepresent invention. In FIG. 5 a sequence diagram for the deployment ofthe CARMENAS method on top of the management layer is shown. Prior tothe start of the sequence, there are already served requests byapplications B and C.

-   -   1. CARMENAS's decision logic DL implementable on a computing        entity receives from a requestor A, e.g. a specialized building        application a request.    -   2. CARMENAS fetches from its State Data Base SDB the currently        served requests. At present requests from B and C are being        served.    -   3. CARMENAS fetches the consumption characteristics of the        system resources associated to the requests from A, B and C from        the system characteristics storage SC.    -   4. CARMENAS retrieves the stored ASR from the rule storage RS.

Thereafter the CARMENAS method checks for any ASR violation. In thissequence it is assumed at least one ASR is being violated. Hence theoptional “Calculation of modifications” is executed according to aboveprinciples. Here in this exemplary sequence it is assumed that CARMENASconceives modifications to requests of A, B and C.

-   -   5. CARMENAS contacts requestor B about the intended modification        to its request. B confirms the suggested modification.    -   6. CARMENAS contacts requestor C about the intended modification        to its request. C confirms the suggested modification.    -   7. CARMENAS contacts requestor A about the intended modification        to its request. A confirms the suggested modification.    -   8. CARMENAS updates SDB with information regarding the new, i.e.        modified, request of A    -   9. CARMENAS forwards the modified request of A to the Management        Layer for enforcement in the building    -   10. CARMENAS updates SDB with information regarding the modified        request of B    -   11. CARMENAS forwards the modified request of B to the        Management Layer for enforcement in the building    -   12. CARMENAS updates SDB with information regarding the modified        request of C    -   13. CARMENAS forwards the modified request of C to the        Management Layer for enforcement in the building

This sequence diagram does not show multiple negotiation rounds,rejections of modifications or priorities of rules or systems. Neitherit shows the possibility to determine the system characteristics in acontext dependent way, e.g. based on external services or based oninformation the CARMENAS system queries from the management layer.

In a further embodiment the present invention provides a method formediating control requests in buildings comprising the steps of:

-   -   1) Receiving control requests,    -   2) System specific assessment of control request impact in        operational context considering interdependent requests already        served affecting a shared resource,    -   3) Adversary Situation Rule checking and derivation of possible        request modifications in case of ASR violations,    -   4) Negotiation of request modifications with requestors,    -   5) Enforcement of (modified) requests.

In summary, one or more embodiments of the present invention can enableone or more of the following:

-   -   1) Contextual detection of conflicts created by control requests        for different service systems, e.g. via shared supply systems or        shared bottlenecks    -   2) Context aware request conflict resolution by adapting already        served control requests as well as newly received request.    -   3) Negotiation of adaptation of control requests to resolve the        conflict with requestors (already served requestors and        requestor of newly received request).

One or more embodiments of the present invention can provide at leastone of the following advantages:

-   -   Allows protection against unintended adverse service system        interactions by individual application control requests.    -   Negotiation/modification of requests allows specialist        applications to become reactive to building/service system        context.    -   Protects against human errors when adapting individual system        configurations in conflict with system design.    -   Increased efficiency as static rules for e.g. permissible        set-point ranges cannot cover all system contexts.    -   Detection of possibly adverse situations allows to diagnose        applications and system configurations    -   Allowing to choose the coincidence factor more optimistically.

While the invention has been illustrated and described in detail in thedrawings and foregoing description, such illustration and descriptionare to be considered illustrative or exemplary and not restrictive. Itwill be understood that changes and modifications may be made by thoseof ordinary skill within the scope of the following claims. Inparticular, the present invention covers further embodiments with anycombination of features from different embodiments described above andbelow.

The terms used in the claims should be construed to have the broadestreasonable interpretation consistent with the foregoing description. Forexample, the use of the article “a” or “the” in introducing an elementshould not be interpreted as being exclusive of a plurality of elements.Likewise, the recitation of “or” should be interpreted as beinginclusive, such that the recitation of “A or B” is not exclusive of “Aand B,” unless it is clear from the context or the foregoing descriptionthat only one of A and B is intended. Further, the recitation of “atleast one of A, B and C” should be interpreted as one or more of a groupof elements consisting of A, B and C, and should not be interpreted asrequiring at least one of each of the listed elements A, B and C,regardless of whether A, B and C are related as categories or otherwise.Moreover, the recitation of “A, B and/or C” or “at least one of A, B orC” should be interpreted as including any singular entity from thelisted elements, e.g., A, any subset from the listed elements, e.g., Aand B, or the entire list of elements A, B and C.

1: A method for operating one or more service systems, the method beingperformed in a memory of an analyzing entity (AE), the methodcomprising: a) receiving, by an input interface of the AE, one or morecontrol requests for controlling one or more resources of at least oneof the one or more service systems; b) assessing, by the AE, an impacton the one or more service systems of the one or more control requestsby checking an effect on already performed control requests forresources of the one or more service systems when the one or morecontrol requests would be performed on one or more of the resources ofthe at least one of one or more service systems; c) checking, by the AE,if the assessed impact violates one or more adverse situation rules(ASR), wherein an ASR violation represents a situation of the servicesystem in which at least partly contradicting effects on one or moreresources of the one or more service systems would occur due to aperformance of the one or more control requests; d) upon violation ofone or more ASR, computing, by the AE to reduce violation of the one ormore ASR, one or more adapted control requests for one or more of thecontrol requests and/or one or more of the ready performed controlrequests; e) negotiating, by the AE, with requestors of the one or moreof the control requests and/or the one or more of the already performedcontrol requests, the computed adapted control requests until acceptanceis achieved, wherein the negotiating includes one or more recomputedadapted control requests; and f) upon acceptance, transmitting, by theAE, the accepted control requests via an output interface to recipientsof the control requests. 2: The method according to claim 1, wherein forassessing the impact on the one or more service systems, operationalparameters representing behavior of the one or more service systemsand/or contextual information is evaluated. 3: The method according toclaim 2, wherein the operational parameters and/or the contextualinformation is provided by a neural network and/or a database. 4: Themethod according to claim 1, wherein for determining an ASR violation,energy consumption constraints. 5: The method according to claim 1,wherein an ASR is provided in form of a logical expression of one ormore conditions of the one or more service systems which are notpermissible. 6: The method according to claim 1, wherein for at leaststep b) and/or d), sensor information of sensors and actuatorinformation of actuators of resources of the one or more service systemsis provided. 7: The method according to claim 6, wherein the sensorinformation and the actuator information includes energy consumptioninformation of the resources. 8: The method according to claim 1,wherein steps c)-f) are performed for already admitted control requestsin pre-defined time-intervals and/or periodically. 9: The methodaccording to claim 2, wherein the operational parameters are evaluateddynamically. 10: The method according to claim 1, wherein fordetermining a violation of one or more ASR effects of different controlrequests are weighed against each other. 11: The method according toclaim 10, wherein the weights are dependent on the time a request isalready admitted or on a value of an operational parameter on which therequest has an impact or weights are determined based on externalinformation. 12: The method according to claim 1, wherein an algebra iscomputed to identify possible valid adaptions to control requests. 13:The method according to claim 1, wherein relative importance rankingsare determined and used during and for the negotiation. 14: A computingentity, comprising: an input interface configured to receive one or morecontrol requests for controlling one or more resources of one or moreservice systems, an output interface configured to transmit acceptedcontrol requests to recipients of the control requests, a computercomprising a processor and a memory, the computer being configured to:receive, from the input interface, one or more control requests forcontrolling one or more resources of at least one of the one or moreservice systems, assess the impact on the one or more service systems ofthe one or more control requests by checking the effect on alreadyperformed control requests for resources of the one or more servicesystems, when the one or more control requests would be performed on oneor more of the resources of the at least one of the one or more servicesystems, check if the assessed impact violates one or more adversesituation rules (ASR), wherein an ASR violation represents a situationof the service system in which at least partly contradicting effects onone or more resources of the one or more service systems would occur dueto a performance of the one or more control requests, compute, uponviolation of one or more ASR, one or more adapted control requests forone or more of control requests and/or one or more of the alreadyperformed control requests, the computing being directed to reduceviolation of the ASR, negotiate with requestors of the one or more ofthe control requests and/or the one or more of the already performedcontrol requests, the computed adapted control requests until acceptanceis achieved, wherein the negotiating includes one or more recomputedadapted control requests, and transmit the accepted control requests viathe output interface to the recipients of the control requests. 15: Anon-transitory computer readable medium storing a program configured,when executed, to cause a computer to execute a method for operating oneor more service systems, the method comprising: a) receiving, by aninput interface of the AE, one or more control requests for controllingone or more resources of at least one of the one or more servicesystems; b) assessing, by the AE, an impact on the one or more servicesystems of the one or more control requests by checking an effect onalready performed control requests for resources of the one or moreservice systems when the one or more control requests would be performedon one or more of the resources of the at least one of one or moreservice systems; c) checking, by the AE; if the assessed impact violatesone or more adverse situation rules (ASR), wherein an ASR violationrepresents a situation of the service system in which at least partlycontradicting effects on one or more resources of the one or moreservice systems would occur due to a performance of the one or morecontrol requests; d) upon violation of one or more ASR, computing, bythe AE to reduce violation of the one or more ASR, one or more adaptedcontrol requests for one or more of the control requests and/or one ormore of the already performed control requests; e) negotiating, by theAE, with requestors of the one or more of the control requests and/orthe one or more of the already performed control requests, the computedadapted control requests until acceptance is achieved, wherein thenegotiating includes one or more recomputed adapted control requests;and f) upon acceptance, transmitting, by the AE, the accepted controlrequests via an output interface to recipients of the control requests.